PaulDotCom mailing list archives
Re: DNS Query capture and analysis
From: Frank McClain <frank.mc.42 () gmail com>
Date: Mon, 27 May 2013 20:23:04 -0500
Yes, NetworkMiner is good for that. Free version can only ingest 1GB pcaps, so keep that in mind. NetWitness Investigator also has a free/community version, same 1GB ingestion limit. The tools have different views, so depending on what/how you want to see results, one could work better for you than the other. Regards, Frank Frank McClain Sent from Vic20 over 4G On May 27, 2013 8:17 PM, "Ryan B" <broadydownunder () gmail com> wrote:
If you have used some of the already described methods to capture the traffic, Network Miner is a good tool for eating through it and pulling out interesting information. I believe it shows DNS requests and responses in one of the tabs. Hope this helps. Cheers On Tue, May 28, 2013 at 4:39 AM, John Bond <john.r.bond () gmail com> wrote:On 27 May 2013 03:53, Tim Parker <timparkersec () gmail com> wrote:What's the best way to capture and analyze DNS queries and responses on my LAN? Are there any good tools out there for this? I can run a full capture on the WAN interface, but then what's good for automating the extraction of the DNS traffic?try some of the following options dsc[1] for general overview stuff dns-anomaly[2] For anomaly detection dnstop[3] for general live overview stuff packetQ[4] SQL interface to pcap data with builtin dns support (very cool) some of the other tools at http://dns.measurement-factory.com/tools/ may also be usefull [1]https://www.dns-oarc.net/tools/dsc [2]https://gitweb.labs.nic.cz/?p=dns-anomaly.git;a=summary [3]http://dns.measurement-factory.com/tools/dnstop/ [4]https://github.com/dotse/PacketQ _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- DNS Query capture and analysis Tim Parker (May 27)
- Re: DNS Query capture and analysis Carlos Perez (May 27)
- Re: DNS Query capture and analysis Doug Burks (May 27)
- Re: DNS Query capture and analysis xgermx (May 27)
- Re: DNS Query capture and analysis craig bowser (May 27)
- Re: DNS Query capture and analysis Robin Wood (May 27)
- Re: DNS Query capture and analysis Harri Sylvander (May 27)
- Re: DNS Query capture and analysis John Bond (May 27)
- Re: DNS Query capture and analysis Ryan B (May 27)
- Re: DNS Query capture and analysis Frank McClain (May 28)
- Re: DNS Query capture and analysis Tim Parker (May 28)
- Re: DNS Query capture and analysis Jon Molesa (May 29)
- Re: DNS Query capture and analysis Ryan B (May 27)
- Re: DNS Query capture and analysis Jon Molesa (May 28)
- Re: DNS Query capture and analysis allison nixon (May 29)
- Re: DNS Query capture and analysis Jon Molesa (May 30)
- Re: DNS Query capture and analysis Liam Randall (Jun 11)
- Re: DNS Query capture and analysis allison nixon (May 29)